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1 This action is in response to the communication filed on 5/19/2005. 

2 Response to Arguments 

3 Applicant's arguments with respect to claims 1-32 have been considered but are moot in 

4 view of the new ground(s) of rejection. 

5 DETAILED ACTION 

6 All objections and rejections not set forth below have been withdrawn. 

7 Claims 1-32 have been examined. 

8 Claim Rejections - 35 USC §103 

9 The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

10 obviousness rejections set forth in this Office action: 

1 1 A patent may not be obtained though the invention is not identically disclosed or 

12 described as set forth in section 102 of this title, if the differences between the subject matter 

1 3 sought to be patented and. the prior art are such that the subject matter as a whole would have 

14 been obvious at the time the invention was made to a person having ordinary skill in the art to 

1 5 which said subject matter pertains. Patentability shall not be negatived by the manner in which 

1 6 the invention was made. 
17 

18 Claims 1-2, 23-25, and 26-32 are rejected under 35 U.S.C. 103(a) as being unpatentable 

19 over Brezak et al. (US Patent Application Publication 2003/0018913) hereinafter referred to as 

20 Brezak, and further in view of Ganesan (US Patent Number 5,535,276). 

21 Regarding claim 1, Brezak disclosed a method for a middle tier server to impersonate a 

22 client to a plurality of servers, the method comprising: obtaining a common nonce associated 

23 with each of the plurality of servers from an entity other than the client or the plurality of servers 

24 (See Brezak Fig. 2 and Paragraph 0043 "service ticket"); providing the common nonce to the 

25 client (See Brezak Fig. 2 Paragraph 0043 Lines 3-6)); receiving the common nonce at the middle 
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1 tier server (See Brezak Paragraph 0043 Lines 6-9), and providing the common nonce as a 

2 signature for transactions for the client to the plurality of servers so as to authenticate the client 

3 to the plurality of servers (See Brezak Paragraph 0044 and Paragraph 0055 Lines 12-14). 

4 However, Brezak failed to disclose the client signing the common nonce (service ticket). 

5 Ganesan teaches that in a ticketing system, in order to protect against dictionary attacks, 

6 the ticket should be encrypted by the ticket granting system with the key shared between the 

7 server to be accessed and the ticket granting server (See Ganesan Col. 5 Lines 34-56), and the 

8 user should sign the ticket (TEMP-CERT) (See Ganesan Col. 15 Lines 45-60). 

9 It would have been obvious to the ordinary person skilled in the art at the time of 

10 invention to employ the teachings of Ganesan in the ticketing system of Brezak by having the 

1 1 ticket encrypted with server/ticket granting system keys, and having the client sign the service 

1 2 ticket before sending the ticket to the Server A. This would have been obvious because the 

13 ordinary person skilled in the art would have been motivated to provide protection against 

14 dictionary attacks against the ticket. 

15 Regarding claim 26, the combination of Brezak and Ganesan disclosed a system for a 

16 middle tier server to impersonate a client to a plurality of servers, the system comprising: means 

17 for obtaining a common nonce associated with each of the plurality of servers from an entity 

1 8 other than the client or the plurality of servers (See Brezak Fig. 2 and. Paragraph 0043 "service 

19 ticket"); means for providing the common nonce to the client (See Brezak Fig. 2 Paragraph 0043 

20 Lines 3-6)); means for receiving the common nonce singed by the client at the middle tier server 

21 (See Brezak Paragraph 0043 Lines 6-9 and Ganesan Col. 15 Lines 45-60), and means for 

22 providing the common nonce as a signature for transactions for the client to the plurality of 
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1 servers so as to authenticate the client to the plurality of servers (See Brezak Paragraph 0044 and 

2 Paragraph 0055 Lines 12-14). 

3 Regarding claim 27, the combination of Brezak and Ganesan disclosed a computer 

4 program product (See Brezak Paragraph 001 5) for a middle tier server to impersonate a client to 

5 a plurality of servers, comprising: a computer readable media having computer readable program 

6 code embodied therein, the computer readable program code comprising: computer readable 

7 program code that obtains a common nonce associated with each of the plurality of servers from 

8 an entity other than the client or the plurality of servers (See Brezak Fig. 2 and Paragraph 0043 

9 "service ticket"); computer readable program code that provides the common nonce to the client 

10 (See Brezak Fig. 2 Paragraph 0043 Lines 3-6)); computer readable program code that receives 

1 1 the common nonce singed by the client at the middle tier server (See Brezak Paragraph 0043 

12 Lines 6-9 and Ganesan Col. 15 Lines 45-60), and computer readable program code that provides 

13 the common nonce as a signature for transactions for the client to the plurality of servers so as to 

14 authenticate the client to the plurality of servers (See Brezak Paragraph 0044 and Paragraph 0055 

15 Lines 12-14). 

16 Regarding claim 28, the combination of Brezak and Ganesan disclosed a method of 

17 authenticating a client, comprising: receiving at a server of a plurality of servers, a common 

18 nonce which is associated with each of the plurality of servers from an entity other than the client 

19 of the plurality of servers (See Brezak Paragraph 0048), the common nonce being signed by the 

20 client (See Ganesan Col. 15 Lines 45-60), and authenticating the client based on the received 

21 signed common nonce (See Brezak Paragraph 0048). 
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1 Regarding claim 3 1, the combination of Brezak and Ganesan disclosed a system for 

2 authenticating a client, comprising: means for receiving at a server of a plurality of servers, a 

3 common nonce which is associated with each of the plurality of servers from an entity other than 

4 the client of the plurality of servers (See Brezak Paragraph 0048), the common nonce being 

5 signed by the client (See Ganesan Col. 15 Lines 45-60), and means for authenticating the client 

6 based on the received signed common nonce (See Brezak Paragraph 0048). 

7 Regarding claim 32, the combination of Brezak and Ganesan disclosed a system for 

8 authenticating a client, comprising: means for receiving at a server of a plurality of servers, a 

9 common nonce which is associated with each of the plurality of servers from an entity other than 

10 the client of the plurality of servers (See Brezak Paragraph 0048), the common nonce being 

1 1 signed by the client (See Ganesan Col. 15 Lines 45-60), and means for authenticating the client 

12 based on the received signed common nonce (See Brezak Paragraph 0048). 

13 Regarding claim 33, the combination of Brezak and Ganesan disclosed a computer 

14 program product for authenticating a client, comprising: a computer readable media having 

15 computer readable program code embodied therein (See Brezak Paragraph 0015), the computer 

16 readable program code comprising: computer readable program code which receiving at a server 

17 of a plurality of servers, a common nonce which is associated with each of the plurality of 

18 servers from an entity other than the client of the plurality of servers (See Brezak Paragraph 

19 0048), the common nonce being signed by the client (See Ganesan Col. 15 Lines 45-60), and 

20 computer readable program code which authenticates the client based on the received signed 

21 common nonce (See Brezak Paragraph 0048). 
22 
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1 Regarding claims 2 and 30, the combination of Brezak and Ganesan disclosed that the 

2 common nonce is generated based on information provided by each of the plurality of servers 

3 (See Ganesan Col. 5 Lines 34-56). 

4 Regarding claim 23, the combination of Brezak and Ganesan disclosed that the step of 

5 obtaining a common nonce comprises the steps of: obtaining the common nonce from a party 

6 trusted by the middle-tier server and the plurality of servers, the common nonce being signed by 

7 the trusted party; and verifying the signature of the common nonce is the signature of the trusted 

8 party (See the rejection of claim 1 above, especially Ganesan Col. 5 Lines 34-56). 

9 Regarding claim 24, the combination of Brezak and Ganesan disclosed that at least one of 

10 the plurality of servers carries out the steps of: receiving a client certificate, determining if the 

1 1 client certificate is trusted; and indicating that the client is not authenticated if the client 

12 certificate is not trusted (See Brezak Paragraph 0055). 

13 Regarding claim 25, the combination of Brezak and Ganesan disclosed that at least one of 

14 the plurality of servers carries out the steps of: receiving the signed common nonce and a client 

15 certificate; determining if the signature of the signed common nonce corresponds to a signature 

16 of the client certificate; and indicating that the client is not authenticated if the signature of the 

17 signed common nonce does not correspond to the signature of the client certificate (See Ganesan 

18 Col. 16 Line 64 - Col. 17 Line 5 and Col. 17 Lines 56-61). 

19 Regarding claim 29, the combination of Brezak and Ganesan disclosed that the common 

20 nonce is provided by a trusted third party (See Brezak Paragraph 43), 
21 

22 
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1 

2 Claims 3, 5, 7-1 1, and 14-15 are rejected under 35 U.S.C. 103(a) as being unpatentable 

3 over the combination of Brezak and Ganesan as applied to claim 2 above, and further in view of 

4 Ford (US Patent Number 6,829,356). 

5 Regarding claim 3, Brezak and Ganesan disclosed generating the common nonce based 

6 on information obtained from each of the plurality of servers (See the rejection of claim 2 

7 above), but failed to disclose obtaining pre-nonce contributions from the plurality of servers; 

8 combining the pre-nonce contributions to provide a single pre-nonce token; and providing the 
. 9 common nonce based on the pre-nonce token. 

10 Ford teaches a system in which a client can authenticate to a plurality of servers by 

1 1 signing proof data generated from a plurality of nonces associated with a plurality of servers (See 

12 Ford Col. 15 Line 9 - Col. 16 Line 14) involving obtaining pre-nonce contributions from the 

13 plurality of servers (See Ford Col. 15 Lines 24-3 1); combining the pre-nonce contributions to 

14 provide a single pre-nonce token; and providing the common nonce based on the pre-nonce 

15 token (See Ford Col. 15 Lines 56-61). 

16 It would have been obvious to the ordinary person skilled in the art at the time of 

17 invention to employ the teachings of Ford in the ticketing and authentication system of Brezak 

18 and Ganesan by providing the ticket granter with server nonces, combining the nonces, and 

19 placing the nonces in the ticket to be signed. This would have been obvious because the ordinary 

20 person skilled in the art would have been motivated to provide strong secret data which could be 

2 1 verified in the ticket. 
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1 Regarding claim 5, the combination of Brezak, Ganesan, and Ford disclosed that the step 

2 of combining the pre- nonce contributions to provide a single pre-nonce token comprises 

3 concatenating the pre-nonce contributions (See Ford Col. 15 Lines 56-61). 

4 Regarding claim 7, the combination of Brezak, Ganesan, and Ford disclosed that the step 

5 of obtaining pre-nonce contributions comprises the steps of: requesting a pre-nonce contribution 

6 from each of the plurality of servers (See Ford Col. 15 Paragraph 2); and receiving the pre-nonce 

7 contributions from the plurality of servers (See Ford Col. 1 5 Paragraph 2), 

8 Regarding claim 8, the combination of Brezak, Ganesan, and Ford disclosed that 

9 requesting a pre-nonce contribution comprises sending authenticated requests to the plurality of 

10 servers (See Ford Col. 15 Lines 1-22). 

1 1 Regarding claim 9, the combination of Brezak, Ganesan, and Ford disclosed the step of 

12 encrypting the authenticated requests sent to the plurality of servers (See Ford Col. 15 Paragraph 

13 1). 

14 Regarding claim 10, the combination of Brezak, Ganesan, and Ford disclosed that the 

1 5 authenticated requests include at least one of an identification of a source of the request, a time 

1 6 stamp and a random number (See Brezak Paragraph 005 1). 

17 Regarding claim 1 1, the combination of Brezak, Ganesan, and Ford disclosed that the 

1 8 pre-nonce contributions include at least one of an identification of a server of the plurality of 

19 servers and a random number (See Ford Col. 15 Lines 24-38, and Line 56 Col. 16 Line 2). 

20 Regarding claim 14, the combination of Brezak, Ganesan, and Ford disclosed the steps 

21 of: receiving a transaction identification from a trusted server of the plurality of servers; and 
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1 associating the transaction identification with the common nonce (See Ford Col 15 Lines 22- 

2 31). 

3 Regarding claim 15, the combination of Brezak, Ganesan, and Ford disclosed the step of 

4 tracking use of the common nonce based on the transaction identification (See Ford Col. 15 Line 

5 22 -Col. 16 Line 2). 

6 Claims 4, 6, 12-13 and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

7 the combination of Brezak, Ganesan, and Ford as applied to claim 3 above, and further in view 

8 of Schneier (Applied Cryptography). 

9 Regarding claim 4, the combination of Ford and Blakley disclosed providing a common 

10 nonce (See Ford Col. 15 Lines 56-61), but failed to disclose reducing the nonce challenges to 

1 1 provide the common nonce. However, Ford and Blakley did disclose digitally signing a message 

12 containing the nonce challenges (See Ford Col. 15 Lines 56-61). 

13 Schneier teaches that when digitally signing a message, it is practical to hash the message 

14 and encrypt the hash, with a private key, as the signature, rather than encrypting the whole 

1 5 message (See Schneier Page 38 Section Signing Documents with Public-Key Cryptography and 

16 One-Way Hash Functions). Schneier also teaches that in such a system, to verify the signature, 

17 the verifier hashes the message, decrypts the signed hash with the signers public key, and verifies 

18 that the two hashes are the same (See Schneier Page 38 Section Signing Documents with Public- 

19 Key Cryptography and One-Way Hash Functions). 

20 It would have been obvious to the ordinary person skilled in the art at the time of 

21 invention to employ the teachings of Schneier in the digital signatures of Brezak, Ganesan, and 

22 Ford by signing and verifying the hash of the nonce message instead of the whole nonce 
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1 message. This would have been obvious because the ordinary person skilled in the art would 

2 have been motivated to increase the speed of the signing method. 

3 Regarding claim 6, the combination of Brezak, Ganesan, Ford, and Schneier disclosed 

4 that the step of reducing the pre-nonce token to provide the common nonce comprises the step of 

5 hashing the pre-nonce token utilizing a one-way hash function so as to provide the common 

6 nonce (See the rejection of claim 4 above). 

7 Regarding claim 20, the combination of Brezak, Ganesan, Ford, and Schneier disclosed 

8 that at least one of the plurality of servers carries out the steps of: receiving the signed common 

9 nonce, the common nonce and the pre-nonce token; hashing the received pre-nonce token; 

10 comparing the hashed pre-nonce token to the common nonce; indicating that the client is not 

1 1 authenticated if the hashed pre-nonce token is different from the common nonce (See Ford Col. 

12 15 Lines 56-65 and Schneier Page 38 Section Signing Documents with Public-Key Cryptography 

13 and One- Way Hash Functions). 

14 Regarding claims 12-13, the combination of Brezak, Ganesan, and Ford disclosed the 

1 5 client checking the nonce challenge from the server for requisite strength, and aborting the 

16 authentication process if the nonce challenge did not meet the requisite strength (See Ford Col. 

17 15 Lines 39-41), but failed to disclose that this check included checking the signature of the 

1 8 nonce challenge to verify that it was signed by the server. 

19 Schneier teaches that digital signatures provide a means for verifying the sender of a 

20 message (See Schneier Page 37 Signing Documents with Public Key Cryptography). 

21 It would have been obvious to the ordinary person skilled in the art at the time of invention to 

22 employ the teachings of Schneier in the nonce challenge system of Ford and Blakley by having 
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1 the server sign the challenges and having the client verify the signature of the challenges before 

2 using the challenges. This would have been obvious because the ordinary person skilled in the 

3 art would have been motivated to protect against illicit alteration of the challenge nonce. 

4 Claims 16-19, and 21-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

5 the combination of Brezak, Ganesan, and Ford as applied to claim 3 above, and further in view 

6 of Menezes et al. (Handbook of Applied Cryptography). 

7 The combination of Brezak, Ganesan, and Ford disclosed the server receiving the nonce 

8 challenges, and authenticating the client based on whether the nonce challenges included the 

9 nonce challenge of the server (See Ford Col. 15 Lines 56-65), but failed to disclose that the 

10 nonce challenges included random numbers. The combination further disclosed using a users 

1 1 public key to verify the signature of the nonce message by verifying that the signature 

12 corresponded to the signature of the clients private/public key pair (See Ford Col. 15 Lines 56- 

13 65), but failed to disclose that the verifying server got the public key from a public key certificate 

14 and also failed to disclose that the authentication would fail if the certificate was not trusted. 

15 Menezes teaches that nonce challenges can be random numbers (See Menezes Page 398). 

16 Menezes further teaches that when using nonce challenges the challenger should apply a timeout 

17 period to the nonce and not authenticate the client if the response is received after the timeout 

18 period has expired (See Menezes Page 398 Section (i)). Menezes teaches further still that public 

19 key certificates are a means to store, distribute, and forward public keys without danger of 

20 undetectable manipulation. Menezes also teaches that when using a certificate for 

21 authentication, the certificate is received, the expiration date is checked, the certification 

22 authority validity is checked, the signature of the certificate is checked, and the certificate is 
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1 checked to see if it has been revoked, and if these checks pass then the public key is valid (See 

2 Menezes Pages 559-560). 

3 It would have been obvious to the ordinary person skilled in the art at the time of 

4 invention to employ the teachings of Menezes in the nonce challenge system of Brezak, 

5 Ganesan, and Ford by having the nonce challenges be random numbers and by applying and 

6 checking a timeout period to the nonce when authenticating a client. This would have been 

7 obvious because the ordinary person skilled in the art would have been motivated to provide 

8 uniqueness and timeliness assurances in the system in order to avoid replay and interleaving 

9 attacks. It further would have been obvious to employ the teachings of Menezes in the 

10 authentication system of Brezak, Ganesan and Ford by obtaining the public key from a public 

1 1 key certificate and verifying that the certificate is valid in order to use the public key to 

12 authenticate the client. This would have been obvious because the ordinary person skilled in the 

13 art would have been motivated to protect against undetected manipulation of the public key. 

14 Conclusion 

15 Claims 1-32 have been rejected. 

16 The prior art made of record and not relied upon is considered pertinent to applicant's 

17 disclosure. 

1 8 Brezak et al. (US Patent Application Publication 2002/01 50253) disclosed a system in 

19 which a server authenticates a client and once authenticated the server presents authentication 

20 information to a plurality of servers. 

21 Bartolomeos et al. (PCT Publication WO 99/56194) disclosed a system in which a server 

22 authenticates a client and then provides authentication of the client to a plurality of other servers. 
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1 Damour et al. (European Patent Application EP1 168763) disclosed a system in which a 

2 server authenticates a client using nonce challenges and then delegates the authorization to other 

3 servers. 

4 Applicant's amendment necessitated the new ground(s) of rejection presented in this 

5 Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 

6 Applicant is reminded of the extension of time policy as set forth in 37 CFR 1. 136(a). 

7 A shortened statutory period for reply to this final action is set to expire THREE 



8 MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 

9 MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
10 the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 



1 1 will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 

12 CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 

13 however, will the statutory period for reply expire later than SIX MONTHS from the date of this 

14 final action. 

15 Any inquiry concerning this communication or earlier communications from the 

16 examiner should be directed to Matthew T. Henning whose telephone number is (571) 272-3790. 

17 The examiner can normally be reached on M-F 8-4. 

18 If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

19 supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 

20 organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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Assistant Examiner 
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